CLI usability issue

I am running intto some fatal issues with using the ScreenOS CLI for much of anything.

Issue 1: Object names longer than 11 characters are truncated and a tilde is appended. If I have three mips which all have the same first 6 digits, they appear to all be the same thing when displayed on the cli. For example, 'get policy' may show the following three different dest addresses:

MIP(123.123~

MIP(123.123~

MIP(123.123~

There is no way to tell them apart. Is there any way to get it to display more characters? The current display makes it impossible to manage policies via the cli.

Issue 2: Lets say I need to change/remove a policy which I know contains the IP address 123.123.123.123. I do not know the policy ID, and I know there are not many policies which refference this number. I can do 'get policy' and get a list of 1000+ policies and then scan through them for 20 minutes and hope I find it, but there must be a better way. Unfortunately using '| inc 123.123.123.123' will not return anything useful because the policy this object is refferenced in has multiple destination addresses, so it takes up multiple lines. Searching with 'inc' will find the IP address, but does not show me anything else, such as policy ID or what the policy even does. Is there a good way to find a policy containing a specific IP when you have a lot of policys?

Re: CLI usability issue

Policies I normally configure from the WebUI due to some of the same limitations you mentioned.

What you can do is do a "get config" and do an include for what you're looking for. That should show you all the details. So if you're looking for any config statement with "123.123.123.123", do a "get config | inc 123.123.123.123". You may still find some weird things with it but something you can try to see if it helps you in what you're looking for.

Another option is do run a report on your policy, which generates a web page with everything. You can do a quick find on what you're looking for to find the policy ID.

Re: CLI usability issue

The command "get policy" dispalys all policies in a table form. Sure, the columns are of a fixed width. "get policy id <id>" displays a single policy in a text form, with no truncationc. There are several additional keywords that help to narrow your search:

xxxxxxxxxxxxxx-> get policy ?> redirect output| match output <--- You can add include <searched text> here, as Mike explained<return>disabled show disabled policiesid show one policyaction actionall show all policies(including global policy)dst-ip dst-ip addressfrom from zoneglobal show global policiesservice servicesrc-ip src-ip addressto to zone

But I see no reason not to use the WebUI. The WebUI has no limitations that might prevent you from policy editing.